From: "Nhi Pham via groups.io"
Date: Thu, 5 Oct 2023 13:31:38 +0700
Subject: Re: [edk2-devel] [PATCH 1/1] ArmPkg: Add Pcd to disable EFI_MEMORY_ATTRIBUTE_PROTOCOL
To: devel@edk2.groups.io, kraxel@redhat.com, Ard Biesheuvel
Cc: Oliver Steffen, Ard Biesheuvel, Daniel Schaefer, Eric Dong, Leif Lindholm, Liming Gao, Michael D Kinney, Rahul Kumar, Ray Ni, Sami Mujawar, Sunil V L, Zhiguang Liu, Taylor Beebe, Oliver Smith-Denny, Michael Kubacki
Message-ID: <4f7bcd27-35a6-33bf-61b4-4cafc6d23d5c@os.amperecomputing.com>
References: <20230619203244.228933-1-osteffen@redhat.com>

Hi Ard, Oliver,

I'm investigating the crash on grub2/shim loader due to the added
EFI_MEMORY_ATTRIBUTE_PROTOCOL when rebasing. I found this interesting
patch and went through the discussion, but I am still not sure of the
conclusion on this patch.

This issue impacts many platforms, and any downstream edk2 has to clone
this patch to disable the EFI_MEMORY_ATTRIBUTE_PROTOCOL until we have
the loader fixed, maybe years. So, I wonder whether we can merge this
patch with changing PcdEnableEfiMemoryAttributeProtocol to be disabled
by default in DEC? This provides downstream platforms with the
flexibility to enable/disable it as per their preference, rather than
having to clone this patch to their local repository. Furthermore, it
does not impact the default installation of the
EFI_MEMORY_ATTRIBUTE_PROTOCOL in the mainline.

Thanks,
Nhi

On 6/20/2023 11:03 PM, Gerd Hoffmann via groups.io wrote:
> On Tue, Jun 20, 2023 at 04:16:40PM +0300, Ard Biesheuvel wrote:
>> On Tue, Jun 20, 2023, 12:33 Gerd Hoffmann wrote:
>>
>>> On Mon, Jun 19, 2023 at 10:32:25PM +0200, Oliver Steffen wrote:
>>>> Recent versions of shim (15.6 and 15.7) crash when the newly added
>>>> EFI_MEMORY_ATTRIBUTE_PROTOCOL is provided by the firmware. To allow
>>>> existing installations to boot, provide a workaround in form of a Pcd
>>>> that allows turning it off at build time (defaults to 'enabled').
>>>
>>> Background: We have untested + broken code for
>>> EFI_MEMORY_ATTRIBUTE_PROTOCOL support in the listed shim releases.
>>>
>>> Now that firmware starts to actually provide that protocol the
>>> time bomb explodes.
>>
>> Fantastic.
>>
>> This is kind of a big deal, really, and just turning it off for ArmVirtQemu
>> does not help at all with the fact that these shim builds will crash on any
>> platform that implements the protocol. (Including x86)
>
> Sure. This hits VM firmware first because we quickly rebase our builds
> to new edk2 stable tags. But yes, this is not limited to VMs and
> likewise not limited to arm.
>
>> Given that secure boot is kind of pointless on this particular platform
>> anyway, maybe this is a good opportunity to make shim optional in the boot
>> chain? I understand that this does not fix existing builds but shim proves
>> to be such a problematic component that you really should not be using it
>> if there is no need.
>
> I'd love to ditch shim.efi, even with secure boot. For VMs one can
> just enroll the distro signing certificate to 'db' and be done with
> it.
>
> Unfortunately shim has a solid position being *the* entry point for
> linux efi systems due to being the only piece of software carrying a
> microsoft signature. Especially on install media you can't really have
> more than one (such as different binaries depending on whether secure
> boot is on or off). For installed systems and cloud images shim also
> creates/restores BootNNNN entries.
>
> Additional problem is that shim is the piece of software which handles
> sbat revocations, so even in case the distro cert is enrolled in 'db' so
> the certificate handling implemented by shim is not needed I can't just
> ignore shim.efi.
>
>> As for the protocol, this has its own set of problems, and the bug in
>> question can partly be blamed on the misdesigned api, which has separate
>> set and clear methods. Not only does this force the implementation to
>> traverse the page tables twice for the common case of switching between RO
>> and XP or vice versa, it also means we lose any transactional properties of
>> a RO <-> XP switch. I.e., if we could make it the implementation's
>> responsibility to ensure that such a transformation either completes
>> successfully, or otherwise, doesn't make any modifications at all, the risk
>> of ending up in a limbo state is reduced significantly.
>>
>> So maybe there is still opportunity for specifying a MemoryAttributes2
>> protocol with a single method for set and clear? We could just drop the
>> current one in that case.
>
> Sounds reasonable to me.
>
>> In any case, while I can see how this patch helps make all your ci status
>> icons turn green again, it does so by papering over the underlying issue so
>> I'm not a fan.
>
> Yes. It's not a solution, it's a workaround which we could use to turn
> off EFI_MEMORY_ATTRIBUTE_PROTOCOL for a year or two, depending on how
> quickly the shim / distro folks get their act together and updates
> rolled out.
>
> I'm not a fan either, but we need some temporary stopgap, and given that
> others likely meet the very same problem too we figured sending it to
> the list is a good idea, and here we are ;)
>
> take care,
> Gerd
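The point made in the quoted discussion about separate set and clear methods, as an added example that is not part of this thread and is not edk2 code: a toy page-attribute model in which a RO to XP switch done as two traversals can stop with pages that are neither RO nor XP, while a single rolled-back traversal cannot. `toy_mmu`, `walk`, `ro_to_xp_two_calls`, `ro_to_xp_one_call` and `scenario` are hypothetical names and the fault injection is constructed; only the two attribute bit values are taken from the UEFI specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EFI_MEMORY_XP 0x4000ULL  /* UEFI attribute bit: not executable */
#define EFI_MEMORY_RO 0x20000ULL /* UEFI attribute bit: read-only */
#define NPAGES 4
/* Constructed toy model: traversal number fail_call fails on reaching fail_page. */
typedef struct { uint64_t attr[NPAGES]; int calls, fail_call; size_t fail_page; } toy_mmu;

static int walk(toy_mmu *m, uint64_t set, uint64_t clear) {
    m->calls++;
    for (size_t i = 0; i < NPAGES; i++) {
        if (m->calls == m->fail_call && i == m->fail_page) return -1;
        m->attr[i] = (m->attr[i] | set) & ~clear;
    }
    return 0;
}

/* Shape of the current protocol: separate clear and set, two traversals. */
int ro_to_xp_two_calls(toy_mmu *m) {
    if (walk(m, 0, EFI_MEMORY_RO) != 0) return -1; /* clear RO */
    return walk(m, EFI_MEMORY_XP, 0);              /* set XP; may stop midway */
}

/* Hypothetical single method: one traversal, rolled back if it fails. */
int ro_to_xp_one_call(toy_mmu *m) {
    uint64_t saved[NPAGES];
    memcpy(saved, m->attr, sizeof saved);
    if (walk(m, EFI_MEMORY_XP, EFI_MEMORY_RO) == 0) return 0;
    memcpy(m->attr, saved, sizeof saved);          /* all or nothing */
    return -1;
}

/* Start all-RO, run one variant, return pages left neither RO nor XP (W+X). */
size_t scenario(int one_call, int fail_call, size_t fail_page, int *status, int *traversals) {
    toy_mmu m = { { EFI_MEMORY_RO, EFI_MEMORY_RO, EFI_MEMORY_RO, EFI_MEMORY_RO }, 0, fail_call, fail_page };
    size_t wx = 0;
    *status = one_call ? ro_to_xp_one_call(&m) : ro_to_xp_two_calls(&m);
    *traversals = m.calls;
    for (size_t i = 0; i < NPAGES; i++)
        if (!(m.attr[i] & (EFI_MEMORY_RO | EFI_MEMORY_XP))) wx++;
    return wx;
}

int main(void) {
    int st, tr;
    printf("two calls: %zu W+X pages\n", scenario(0, 2, 2, &st, &tr));
    printf("one call:  %zu W+X pages\n", scenario(1, 1, 2, &st, &tr));
}
```

In the two-call variant every page is also briefly without RO and XP between the traversals even when both succeed, which the model does not count.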